[TriLUG] OpenBSD VPN doesn't initiate VPN to Cisco ASA

Ron Kelley rkelleyrtp at gmail.com
Wed Dec 9 07:24:42 EST 2009


Have you spoken to any Cisco guys about this?  I have a friend who is an ASA expert and could put you in touch with him if necessary...

-Ron



On Dec 8, 2009, at 10:21 PM, Chris Bullock wrote:

> We have many tunnels (about 50) and for some reason I just set up a tunnel with a Cisco ASA and we cannot initiate the connection from the OpenBSD side.  If the Cisco side pings a device on the OpenBSD side the tunnel comes up.  On the Cisco side they have bidirectional enabled, and they are not seeing the OpenBSD try to initiate the tunnel.  Running tcpdump I have confirmed that we are not trying to connect.  I asked the OpenBSD guys and the only response is that for some reason the Cisco is sending a "DELETE SA" which forces my BSD box to drop the tunnel and not attempt to reconnect.  This is indeed the case.  Even though this is happening, I need this tunnel to stay up.  Anyone know of a way to force OpenBSD to bring up 1 tunnel or ever experienced this behavior?
> 
> 
> Any help would be appreciated,
> Regards,
> Chris
> 
> 
> 
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions

Thanks,

-Ron
rkelleyrtp at gmail.com



